Vulnerability-Lookup

BDU:2017-02383

Vulnerability from fstec - Published: 22.09.2016

Title

Уязвимость функции inflateMark библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость функции inflateMark (inflate.c) библиотеки zlib вызвана ошибкой обработки отрицательных чисел. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать неопределённое поведение программы, что может привести к нарушению конфиденциальности, целостности и доступности защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Novell Inc., Жан-Лу Гайи, Марк Адлер, IBM Corp., Red Hat Inc., Canonical Ltd., Apple Inc., Oracle Corp., Сообщество свободного программного обеспечения, Huawei Technologies Co., Ltd., АО "НППКТ"

Software Name

openSUSE, zlib, OpenSUSE Leap, IBM Vios, IBM Java, Red Hat Enterprise Linux, IBM i, IBM Aix, Ubuntu, MacOS, Database Server, Debian GNU/Linux, Huawei Mate 9 Pro, iOS, Java SE, Java SE Embedded, MySQL Server, watchOS, tvOS, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

13.2 (openSUSE), 1.2.8 (zlib), 42.2 (OpenSUSE Leap), 2.2.0.0 (IBM Vios), 2.2.1.0 (IBM Vios), 2.2.1.1 (IBM Vios), 2.2.1.3 (IBM Vios), 2.2.1 4 (IBM Vios), 2.2.1.8 (IBM Vios), 2.2.1.9 (IBM Vios), 2.2.2.0 (IBM Vios), 2.2.2.4 (IBM Vios), 2.2.2.5 (IBM Vios), 2.2.2.6 (IBM Vios), 2.2.3.0 (IBM Vios), 2.2.3.2 (IBM Vios), 2.2.3.3 (IBM Vios), 2.2.3.4 (IBM Vios), 2.2.3.50 (IBM Vios), 2.2.4.0 (IBM Vios), SDK 8 SR 4 FP 2 (IBM Java), SDK 7R1 SR 4 FP 1 (IBM Java), SDK 7 SR 10 FP 1 (IBM Java), SDK 6R1 SR 8 FP 7 (IBM Java), SDK 6R1 SR 8 FP 5 (IBM Java), SDK 6R1 SR 8 FP 30 (IBM Java), SDK 6R1 SR 8 FP 26 (IBM Java), SDK 6R1 SR 8 FP 25 (IBM Java), SDK 6R1 SR 8 FP 21 (IBM Java), SDK 6R1 SR 8 FP 15 (IBM Java), SDK 6 SR 16 FP 7 (IBM Java), SDK 6 SR 16 FP 5 (IBM Java), SDK 6 SR 16 FP 41 (IBM Java), SDK 6 SR 16 FP 30 (IBM Java), SDK 6 SR 16 FP 26 (IBM Java), SDK 6 SR 16 FP 25 (IBM Java), SDK 6 SR 16 FP 22 (IBM Java), SDK 6 SR 16 FP 15 (IBM Java), 42.1 (OpenSUSE Leap), Workstation Supplementary 7 (Red Hat Enterprise Linux), Workstation Supplementary 6 (Red Hat Enterprise Linux), Server Supplementary 7 (Red Hat Enterprise Linux), Server Supplementary 6 (Red Hat Enterprise Linux), HPC Node Supplementary 6 (Red Hat Enterprise Linux), Desktop Supplementary 6 (Red Hat Enterprise Linux), ComputeNode Supplementary 7 (Red Hat Enterprise Linux), 6.1 (IBM i), 7.1 (IBM i), 7.2 (IBM i), 7.3 (IBM i), 5.3 (IBM Aix), 6.1 (IBM Aix), 7.1 (IBM Aix), 7.2 (IBM Aix), 18.04 LTS (Ubuntu), до High Sierra 10.13 (MacOS), 18c (Database Server), 8 (Debian GNU/Linux), EMUI5.0 (Huawei Mate 9 Pro), до 11.0 (iOS), 16.04 ESM (Ubuntu), 6u161 (Java SE), 7u151 (Java SE), 8u144 (Java SE), 8u144 (Java SE Embedded), до 5.5.61 включительно (MySQL Server), от 5.6.0 до 5.6.41 включительно (MySQL Server), от 5.7.0 до 5.7.23 включительно (MySQL Server), от 8.0.0 до 8.0.12 включительно (MySQL Server), до 4 (watchOS), до 11 (tvOS), до 2.6 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 Для Huawei Mate 9 Pro: Обновление программного обеспечения до версии EMUI9.1.0 и выше Для Ubuntu: https://ubuntu.com/security/notices/USN-4292-1 https://ubuntu.com/security/notices/USN-4246-1 Для продуктов Oracle: https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2017.html https://www.oracle.com/security-alerts/cpuoct2018.html Для продуктов Apple: https://support.apple.com/ru-ru/HT208144 https://support.apple.com/ru-ru/HT208115 https://support.apple.com/ru-ru/HT208113 https://support.apple.com/ru-ru/HT208112 Для Debian: https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html Для продуктов Novell Inc.: https://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/MRDJW3XPN3FW5WF3DYT3WFOMUPP6KZBF/ https://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/OMSIGJVQEP2NTF5TWWHTMFKCQAJECWL4/ https://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/BZLCLEULOCMWPTCCKHV4XUTP4TXOHF66/ Для продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2016-9842 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения rsync до версии 3.2.6-1

Reference

http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.securityfocus.com/bid/95131 http://www.securitytracker.com/id/1039427 https://bugzilla.redhat.com/show_bug.cgi?id=1402348 https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 https://security.gentoo.org/glsa/201701-56 https://wiki.mozilla.org/images/0/09/Zlib-report.pdf https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib https://ubuntu.com/security/notices/USN-4292-1 https://ubuntu.com/security/notices/USN-4246-1 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2017.html https://www.oracle.com/security-alerts/cpuoct2018.html https://support.apple.com/ru-ru/HT208144 https://support.apple.com/ru-ru/HT208115 https://support.apple.com/ru-ru/HT208113 https://support.apple.com/ru-ru/HT208112 https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html https://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/MRDJW3XPN3FW5WF3DYT3WFOMUPP6KZBF/ https://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/OMSIGJVQEP2NTF5TWWHTMFKCQAJECWL4/ https://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/BZLCLEULOCMWPTCCKHV4XUTP4TXOHF66/ https://access.redhat.com/security/cve/CVE-2016-9842 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.6/

CWE

CWE-189

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., \u0416\u0430\u043d-\u041b\u0443 \u0413\u0430\u0439\u0438, \u041c\u0430\u0440\u043a \u0410\u0434\u043b\u0435\u0440, IBM Corp., Red Hat Inc., Canonical Ltd., Apple Inc., Oracle Corp., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Huawei Technologies Co., Ltd., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "13.2 (openSUSE), 1.2.8 (zlib), 42.2 (OpenSUSE Leap), 2.2.0.0 (IBM Vios), 2.2.1.0 (IBM Vios), 2.2.1.1 (IBM Vios), 2.2.1.3 (IBM Vios), 2.2.1 4 (IBM Vios), 2.2.1.8 (IBM Vios), 2.2.1.9 (IBM Vios), 2.2.2.0 (IBM Vios), 2.2.2.4 (IBM Vios), 2.2.2.5 (IBM Vios), 2.2.2.6 (IBM Vios), 2.2.3.0 (IBM Vios), 2.2.3.2 (IBM Vios), 2.2.3.3 (IBM Vios), 2.2.3.4 (IBM Vios), 2.2.3.50 (IBM Vios), 2.2.4.0 (IBM Vios), SDK 8 SR 4 FP 2 (IBM Java), SDK 7R1 SR 4 FP 1 (IBM Java), SDK 7 SR 10 FP 1 (IBM Java), SDK 6R1 SR 8 FP 7 (IBM Java), SDK 6R1 SR 8 FP 5 (IBM Java), SDK 6R1 SR 8 FP 30 (IBM Java), SDK 6R1 SR 8 FP 26 (IBM Java), SDK 6R1 SR 8 FP 25 (IBM Java), SDK 6R1 SR 8 FP 21 (IBM Java), SDK 6R1 SR 8 FP 15 (IBM Java), SDK 6 SR 16 FP 7 (IBM Java), SDK 6 SR 16 FP 5 (IBM Java), SDK 6 SR 16 FP 41 (IBM Java), SDK 6 SR 16 FP 30 (IBM Java), SDK 6 SR 16 FP 26 (IBM Java), SDK 6 SR 16 FP 25 (IBM Java), SDK 6 SR 16 FP 22 (IBM Java), SDK 6 SR 16 FP 15 (IBM Java), 42.1 (OpenSUSE Leap), Workstation Supplementary 7 (Red Hat Enterprise Linux), Workstation Supplementary 6 (Red Hat Enterprise Linux), Server Supplementary 7 (Red Hat Enterprise Linux), Server Supplementary 6 (Red Hat Enterprise Linux), HPC Node Supplementary 6 (Red Hat Enterprise Linux), Desktop Supplementary 6 (Red Hat Enterprise Linux), ComputeNode Supplementary 7 (Red Hat Enterprise Linux), 6.1 (IBM i), 7.1 (IBM i), 7.2 (IBM i), 7.3 (IBM i), 5.3 (IBM Aix), 6.1 (IBM Aix), 7.1 (IBM Aix), 7.2 (IBM Aix), 18.04 LTS (Ubuntu), \u0434\u043e High Sierra 10.13 (MacOS), 18c (Database Server), 8 (Debian GNU/Linux), EMUI5.0 (Huawei Mate 9 Pro), \u0434\u043e 11.0 (iOS), 16.04 ESM (Ubuntu), 6u161 (Java SE), 7u151 (Java SE), 8u144 (Java SE), 8u144 (Java SE Embedded), \u0434\u043e 5.5.61 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), \u043e\u0442 5.6.0 \u0434\u043e 5.6.41 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), \u043e\u0442 5.7.0 \u0434\u043e 5.7.23 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), \u043e\u0442 8.0.0 \u0434\u043e 8.0.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server), \u0434\u043e 4 (watchOS), \u0434\u043e 11 (tvOS), \u0434\u043e 2.6 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958\n\n\u0414\u043b\u044f Huawei Mate 9 Pro: \n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 EMUI9.1.0 \u0438 \u0432\u044b\u0448\u0435\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4292-1\nhttps://ubuntu.com/security/notices/USN-4246-1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle:\nhttps://www.oracle.com/security-alerts/cpujul2020.html\nhttps://www.oracle.com/security-alerts/cpuoct2017.html\nhttps://www.oracle.com/security-alerts/cpuoct2018.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apple:\nhttps://support.apple.com/ru-ru/HT208144\nhttps://support.apple.com/ru-ru/HT208115\nhttps://support.apple.com/ru-ru/HT208113\nhttps://support.apple.com/ru-ru/HT208112\n\n\u0414\u043b\u044f Debian:\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00027.html\nhttps://lists.debian.org/debian-lts-announce/2020/01/msg00030.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/MRDJW3XPN3FW5WF3DYT3WFOMUPP6KZBF/\nhttps://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/OMSIGJVQEP2NTF5TWWHTMFKCQAJECWL4/\nhttps://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/BZLCLEULOCMWPTCCKHV4XUTP4TXOHF66/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2016-9842\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f rsync \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 3.2.6-1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.09.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "09.11.2017",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2017-02383",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-9842",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE, zlib, OpenSUSE Leap, IBM Vios, IBM Java, Red Hat Enterprise Linux, IBM i, IBM Aix, Ubuntu, MacOS, Database Server, Debian GNU/Linux, Huawei Mate 9 Pro, iOS, Java SE, Java SE Embedded, MySQL Server, watchOS, tvOS, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. openSUSE 13.2 , Novell Inc. OpenSUSE Leap 42.2 , IBM Corp. IBM Vios 2.2.0.0 , IBM Corp. IBM Vios 2.2.1.0 , IBM Corp. IBM Vios 2.2.1.1 , IBM Corp. IBM Vios 2.2.1.3 , IBM Corp. IBM Vios 2.2.1 4 , IBM Corp. IBM Vios 2.2.1.8 , IBM Corp. IBM Vios 2.2.1.9 , IBM Corp. IBM Vios 2.2.2.0 , IBM Corp. IBM Vios 2.2.2.4 , IBM Corp. IBM Vios 2.2.2.5 , IBM Corp. IBM Vios 2.2.2.6 , IBM Corp. IBM Vios 2.2.3.0 , IBM Corp. IBM Vios 2.2.3.2 , IBM Corp. IBM Vios 2.2.3.3 , IBM Corp. IBM Vios 2.2.3.4 , IBM Corp. IBM Vios 2.2.3.50 , IBM Corp. IBM Vios 2.2.4.0 , IBM Corp. IBM Java SDK 8 SR 4 FP 2 , IBM Corp. IBM Java SDK 7R1 SR 4 FP 1 , IBM Corp. IBM Java SDK 7 SR 10 FP 1 , IBM Corp. IBM Java SDK 6R1 SR 8 FP 7 , IBM Corp. IBM Java SDK 6R1 SR 8 FP 5 , IBM Corp. IBM Java SDK 6R1 SR 8 FP 30 , IBM Corp. IBM Java SDK 6R1 SR 8 FP 26 , IBM Corp. IBM Java SDK 6R1 SR 8 FP 25 , IBM Corp. IBM Java SDK 6R1 SR 8 FP 21 , IBM Corp. IBM Java SDK 6R1 SR 8 FP 15 , IBM Corp. IBM Java SDK 6 SR 16 FP 7 , IBM Corp. IBM Java SDK 6 SR 16 FP 5 , IBM Corp. IBM Java SDK 6 SR 16 FP 41 , IBM Corp. IBM Java SDK 6 SR 16 FP 30 , IBM Corp. IBM Java SDK 6 SR 16 FP 26 , IBM Corp. IBM Java SDK 6 SR 16 FP 25 , IBM Corp. IBM Java SDK 6 SR 16 FP 22 , IBM Corp. IBM Java SDK 6 SR 16 FP 15 , Novell Inc. OpenSUSE Leap 42.1 , Red Hat Inc. Red Hat Enterprise Linux Workstation Supplementary 7 , Red Hat Inc. Red Hat Enterprise Linux Workstation Supplementary 6 , Red Hat Inc. Red Hat Enterprise Linux Server Supplementary 7 , Red Hat Inc. Red Hat Enterprise Linux Server Supplementary 6 , Red Hat Inc. Red Hat Enterprise Linux HPC Node Supplementary 6 , Red Hat Inc. Red Hat Enterprise Linux Desktop Supplementary 6 , Red Hat Inc. Red Hat Enterprise Linux ComputeNode Supplementary 7 , IBM Corp. IBM i 6.1 , IBM Corp. IBM i 7.1 , IBM Corp. IBM i 7.2 , IBM Corp. IBM i 7.3 , IBM Corp. IBM Aix 5.3 , IBM Corp. IBM Aix 6.1 , IBM Corp. IBM Aix 7.1 , IBM Corp. IBM Aix 7.2 , Canonical Ltd. Ubuntu 18.04 LTS , Apple Inc. MacOS \u0434\u043e High Sierra 10.13 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Apple Inc. iOS \u0434\u043e 11.0 , Canonical Ltd. Ubuntu 16.04 ESM , Apple Inc. watchOS \u0434\u043e 4 , Apple Inc. tvOS \u0434\u043e 11 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.6  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 inflateMark \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 zlib, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0438, \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u044e\u0449\u0438\u0435 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0447\u0438\u0441\u0435\u043b (CWE-189)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 inflateMark (inflate.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 zlib \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043e\u0442\u0440\u0438\u0446\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0447\u0438\u0441\u0435\u043b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043d\u0435\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0435 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044e \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html\nhttp://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html\nhttp://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html\nhttp://www.openwall.com/lists/oss-security/2016/12/05/21\nhttp://www.securityfocus.com/bid/95131\nhttp://www.securitytracker.com/id/1039427\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1402348\nhttps://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958\nhttps://security.gentoo.org/glsa/201701-56\nhttps://wiki.mozilla.org/images/0/09/Zlib-report.pdf\nhttps://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib\nhttps://ubuntu.com/security/notices/USN-4292-1\nhttps://ubuntu.com/security/notices/USN-4246-1\nhttps://www.oracle.com/security-alerts/cpujul2020.html\nhttps://www.oracle.com/security-alerts/cpuoct2017.html\nhttps://www.oracle.com/security-alerts/cpuoct2018.html\nhttps://support.apple.com/ru-ru/HT208144\nhttps://support.apple.com/ru-ru/HT208115\nhttps://support.apple.com/ru-ru/HT208113\nhttps://support.apple.com/ru-ru/HT208112\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00027.html\nhttps://lists.debian.org/debian-lts-announce/2020/01/msg00030.html\nhttps://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/MRDJW3XPN3FW5WF3DYT3WFOMUPP6KZBF/\nhttps://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/OMSIGJVQEP2NTF5TWWHTMFKCQAJECWL4/\nhttps://lists.opensuse.org/archives/list/updates@lists.opensuse.org/message/BZLCLEULOCMWPTCCKHV4XUTP4TXOHF66/\nhttps://access.redhat.com/security/cve/CVE-2016-9842\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.6/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0423\u0411\u0414, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-189",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CVE-2016-9842 (GCVE-0-2016-9842)

Vulnerability from cvelistv5 – Published: 2017-05-23 03:56 – Updated: 2025-12-04 16:36

Summary

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

microfocus

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2017:1221	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1220	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:3047	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2016/1…	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/95131	vdb-entryx_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:3046	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2017-0…	vendor-advisoryx_refsource_SUSE
	https://security.gentoo.org/glsa/201701-56	vendor-advisoryx_refsource_GENTOO
	http://www.securitytracker.com/id/1039427	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:1222	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2017-0…	vendor-advisoryx_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2017:3453	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2016-1…	vendor-advisoryx_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2017:2999	vendor-advisoryx_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4246-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/4292-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://support.apple.com/HT208144	x_refsource_CONFIRM
	https://wiki.mozilla.org/MOSS/Secure_Open_Source/…	x_refsource_MISC
	https://support.apple.com/HT208113	x_refsource_CONFIRM
	https://support.apple.com/HT208112	x_refsource_CONFIRM
	https://support.apple.com/HT208115	x_refsource_CONFIRM
	https://wiki.mozilla.org/images/0/09/Zlib-report.pdf	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1402348	x_refsource_CONFIRM
	https://github.com/madler/zlib/commit/e54e1299404…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202007-54	vendor-advisoryx_refsource_GENTOO

Date Public ?

2016-09-30 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1221"
          },
          {
            "name": "RHSA-2017:1220",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1220"
          },
          {
            "name": "RHSA-2017:3047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3047"
          },
          {
            "name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
          },
          {
            "name": "95131",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95131"
          },
          {
            "name": "RHSA-2017:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3046"
          },
          {
            "name": "openSUSE-SU-2017:0077",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
          },
          {
            "name": "GLSA-201701-56",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-56"
          },
          {
            "name": "1039427",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039427"
          },
          {
            "name": "RHSA-2017:1222",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1222"
          },
          {
            "name": "openSUSE-SU-2017:0080",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          },
          {
            "name": "openSUSE-SU-2016:3202",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
          },
          {
            "name": "RHSA-2017:2999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2999"
          },
          {
            "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
          },
          {
            "name": "USN-4246-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4246-1/"
          },
          {
            "name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
          },
          {
            "name": "USN-4292-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4292-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208144"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208113"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208112"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208115"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"
          },
          {
            "name": "GLSA-202007-54",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202007-54"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2016-9842",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-04T16:34:37.454444Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1335",
                "description": "CWE-1335 Incorrect Bitwise Shift of Integer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-04T16:36:07.397Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:16:04.000Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "RHSA-2017:1221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1221"
        },
        {
          "name": "RHSA-2017:1220",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1220"
        },
        {
          "name": "RHSA-2017:3047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3047"
        },
        {
          "name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
        },
        {
          "name": "95131",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95131"
        },
        {
          "name": "RHSA-2017:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3046"
        },
        {
          "name": "openSUSE-SU-2017:0077",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
        },
        {
          "name": "GLSA-201701-56",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-56"
        },
        {
          "name": "1039427",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039427"
        },
        {
          "name": "RHSA-2017:1222",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1222"
        },
        {
          "name": "openSUSE-SU-2017:0080",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        },
        {
          "name": "openSUSE-SU-2016:3202",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
        },
        {
          "name": "RHSA-2017:2999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2999"
        },
        {
          "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
        },
        {
          "name": "USN-4246-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4246-1/"
        },
        {
          "name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
        },
        {
          "name": "USN-4292-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4292-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208144"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208113"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208112"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208115"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"
        },
        {
          "name": "GLSA-202007-54",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202007-54"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2016-9842",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1221",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1221"
            },
            {
              "name": "RHSA-2017:1220",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1220"
            },
            {
              "name": "RHSA-2017:3047",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3047"
            },
            {
              "name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
            },
            {
              "name": "95131",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95131"
            },
            {
              "name": "RHSA-2017:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3046"
            },
            {
              "name": "openSUSE-SU-2017:0077",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
            },
            {
              "name": "GLSA-201701-56",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-56"
            },
            {
              "name": "1039427",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039427"
            },
            {
              "name": "RHSA-2017:1222",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1222"
            },
            {
              "name": "openSUSE-SU-2017:0080",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            },
            {
              "name": "openSUSE-SU-2016:3202",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
            },
            {
              "name": "RHSA-2017:2999",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2999"
            },
            {
              "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
            },
            {
              "name": "USN-4246-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4246-1/"
            },
            {
              "name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
            },
            {
              "name": "USN-4292-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4292-1/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://support.apple.com/HT208144",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208144"
            },
            {
              "name": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib",
              "refsource": "MISC",
              "url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
            },
            {
              "name": "https://support.apple.com/HT208113",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208113"
            },
            {
              "name": "https://support.apple.com/HT208112",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208112"
            },
            {
              "name": "https://support.apple.com/HT208115",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208115"
            },
            {
              "name": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf",
              "refsource": "MISC",
              "url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348"
            },
            {
              "name": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958",
              "refsource": "CONFIRM",
              "url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"
            },
            {
              "name": "GLSA-202007-54",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202007-54"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-9842",
    "datePublished": "2017-05-23T03:56:00.000Z",
    "dateReserved": "2016-12-05T00:00:00.000Z",
    "dateUpdated": "2025-12-04T16:36:07.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2017-02383

CVE-2016-9842 (GCVE-0-2016-9842)

Tags

Sightings

Nomenclature